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[57] ABSTRACT 

A method, apparatus, and article of manufacture for broad- 
casting encrypted software to a target computer enables 
simultaneous transmission to a plurality of licensed target 
computers. An encryption key is generated to encrypt a 
software package. The encryption key is then itself 
encrypted using a target computer identification code, and 
the encrypted encryption key is loaded onto the target 
computer. The encrypted software is broadcast, for example, 
via satellite, and received at the target computer. The target 
computer uses its identification code to decrypt the 
encrypted encryption key (i.e.. unlock the encryption key). 
Once the target computer unlocks the encryption key, it uses 
the encryption key to decrypt the software to be installed on 
the target computer. 

21 Claims, 4 Drawing Sheets 
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BROADCAST SOFTWARE DISTRIBUTION software is broadcast via satellite. The target computer 

obtains the encryption key by decrypting the encryption key 
BACKGROUND OF THE INVENTION using its identification code. The encryption key is then used 

1. Held of the Invention 10 deCT yP t me software to enable the software to be installed 
* . . ... * * - x _i • * 5 onto the target computer. 

This invention relates in general to broadcast distribution, 

and in particular, to broadcast software distribution using BRIEF DESCRIPTION OF THE DRAWINGS 

encryption key locking and unlocking procedures. 

2. Description_of Related Art Refemng_n^to_rae_dra^ ww'ch-like-reference- 

rrZ~ ^ * j *. , t . , numbers represent corresponding parts throughout: 

The software industry as a whole has experienced tre- io ^„ , M1 * 
mendous growth in recent years. There is a continuous mG * ^ ustra . tes ™ exemplary computer system envi- 
demand for new software products that address the needs in roa ™* x for usc m accordance with the present invention; 
new or changing industries. Moreover, software companies 2 is a flow chart illustrating exemplary steps which 

routinely upgrad e previously-released sofrwarc ^ptoductS-in^^-gg y used *° program^the„computer-system-of-FIG.-l.- 

Hresponse to specific user needs and/or to provide a product 15 according to the present invention; 
in a more efficient manner. FIG. 3 illustrates the packets of a compressed file that are 

Software companies have traditionally distributed its soft- transmitted to a target computer io a broadcast session, 
ware products through physical media such as tapes or according to the present invention; and 
diskettes, and, more recently, CD ROM. Companies store FIG. 4 is a flow chart illustrating exemplary steps, accord- 

their software on these physical media and ship them to 20 ing to the present invention, for verifying that software has 
customers for installation onto their home computers. been successfully transmitted in the system of FIG. 1. 

In distributing software by this method, however, various nFTAn vr> nP<irRnmnNF op thp 

problems have been encountered. The cost of media ff^V^^r OF THE 

duplication, shipping, and storage is quite high in many such PREFERRED EMBODIMENT 
applications. Moreover, the elimination of many types of 25 In the following detailed description of the drawings, 

such physical media has created unwanted environmental- reference is made to the accompanying drawings which 

waste concerns. In addition, this type of distribution form a part hereof, and in which is shown by way of 

involves unwanted delay associated with waiting for media illustration a specific embodiment in which the invention 

copies, packing, addressing, and shipping to obtain new may be practiced. It is to be understood that other embodi- 

products or new versions of existing products. ments may be utilized and structural changes may be made 

An alternative method of distributing software is through without departing from the scope of the present invention, 
phone lines. Software distribution centers, having a host FIG. 1 illustrates an exemplary computer system envi- 
computer with a modem, transmit the software through ronment that can be used in conjunction with the present 
phone lines to a customer's computer in response to the 35 invention. The exemplary environment includes a host corn- 
customer's order for particular software packages. puter 10 and an encryptor 12 at a Software Distribution 

This alternative form of distribution has also encountered Center (SDC), a satellite 14 for relaying transmitted 
problems. The number of customers who can receive a given software, a target computer 18, and peripheral computers 
transmission is limited by the physical capabilities of the 20a-n which are coupled to the target computer 18. As 
phone lines. If numerous customers order the same software 40 illustrated, the encryptor 12, which encrypts software pack- 
package, such as when a company distributes an upgraded ages loaded on the host computer 10, is separate from the 
version to existing subscribers, the software company must host computer 10. It is understood, however, that the encryp- 
repeatedly transmit the same software package until all its tor 12 can be configured to be part of the host computer 10. 
customers have received the product This approach is both In the exemplary computer environment of FIG. 1, the 
costly and time consuming. 45 target computer 18 contains a licensing software program 22 

Accordingly, there is a need for an improved method and and a receiver/installer software program 24. which are 

computer system for distributing software that overcomes typically embodied on one or more program storage devices, 

the above-mentioned deficiencies associated with prior tech- A customer is licensed or otherwise authorized to use the 

nlques. The present invention provides a solution to these broadcast service of the present invention. With such 

and other problems, offering advantages over conventional 50 authorization, the customer receives the licensing program 

implementations. 22 and receiver/installer 24 program loads these programs 

SfTMMARV OF TTTP rwFKnnw onto com P uter l8 ' enabling receipt of software 

0UMMAK1 OF I HE INVENTION transmitted in accordance with this invention. Hie licensing 

To overcome the limitations in the prior art described program 22 provides for the entry and tracking of strings for 

above, and to overcome other limitations that will become 55 aU software products purchased. The licensing program 22 

apparent upon reading and understanding the present also generates the unique computer identifier code (e.g.. 

specification, the present invention provides a unique computer identification number) for the computer 10 that the 

method, apparatus, and article of manufacture for broadcast- installer/receiver program 24 runs. As described below, a 

ing encrypted software to a target computer. In one embodi- customer provides this unique identification code whenever 

merit of the present invention, an encryption key, which is 60 11 places an order for a software package. The installer/ 

unique to the particular software package, is used to encrypt receiver software program 24 enables the target computer 18 

the software package, and is then itself encrypted using the to receive software that is broadcasted, for example via 

unique identification code of the target computer. This key satellite 14. and to install the software onto the target 

is loaded onto the target computer, to lock the particular computer 18. The peripheral computers 20o-*i also contain 

software package to the target computer. The software is 65 installer/receiver software, 

then broadcast from a send computer and received at the The host computer 10 in FIG. 1 contains a library of 

target computer. In a more particular implementation, the stored software packages that customers may order. For each 
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software package, an encryption key is generated and the cated to the user in block 42. The software is broadcast as 

software package is encrypted using that encryption key. one compressed file via satellite. The bits of the file are 

The encrypted software is then compressed and stored as pushed out on the line in a manner similar, for example, to 

one packet in a single compressed file. The compressed file transmission over TCP/IP or modem, 

also includes a packet which identifies the particular soft- 5 Block 46 represents the target computer receiving the 

ware product included in the file. As described in more detail software that is broadcast via satellite. At the time specified 

below in connection with FIGS. 3 and 4, each compressed f or transmission, users "tunc in" with their receivers to the 

file further includes a checksum packet which is generated specified frequency or channel. As an option.the, receiver- 

at the timejhe ^ftware_package_ is_ encrypt ed^and could be sct ujr to IbolTfoT^^wnload a specific list of 

compressed, enabling the target computer 18 to determine 10 ordered products, or specific versions of a product For 

whether a software package is transmitted without error, A example, a user may want to always download new versions 

transmitting program on the host computer 10 contains ©f products that were already installed so that the user 

information regarding the time at which each software always has the latest version of the software product. 

package will be transmitted. The ti^smission and encryp- Block 48 ret^sents checkmgwhem^^ 

-tioo of-software arc performed using techniques well-known 15 succcssful> if fa 0 transmission is not successful, then the 
in the art SDC provides the user with the relevant information regard- 
Referring now to FIG. 2, a flow chart is illustrated i D g the next broadcast of the software. The target computer 
detailing the steps which may be used to program the \$ then waits until that time that the software is retransmit- 
computer system of FIG. 1, with the host computer 10 ted and subsequently receives the software as described in 
transmitting a software package to a target computer 18 20 connection with block 46. If the transmission is successful, 
through a broadcast medium, according to the present inven- then, as represented in block 50. the target computer 
tion. Block 30 represents installation of a licensing program decrypts the encrypted encryption key using its identifica- 
and receiver/installer program on the target computer 18. As tion code. Once this is performed, the target computer 
explained above, only users having this software on their decrypts the software using the encryption key specific to 
computer receive software according to this invention; the 25 the software product 

encrypted software that is transmitted via satellite is other- The decryption Q f the software, represented in block 52. 

wise unusable. at me target computer 18 occurs as follows. The licensing 

Blocks 32 and 34 represent the target computer 18 calling program 22 generates the identification code of the target 

the SDC to order a particular software package. When the computer 18 which, in turn, is transmitted to the receiver/ 

customer orders the software, the customer selects an option installer program on the target computer 18. In the 

provided by the licensing program 22, which produces the alternative, the receiver/installer program itself generates the 

identification code of the target computer 18. A customer identification code. The receiver/installer program 14 on the 

gives his identification code to the operator receiving the target computer 18 utilizes this identification number to 

software order at the SDC. 35 decrypt (he encrypted encryption key. The encryption key in 

Block 36 represents the SDC encrypting the encryption turn enables the target computer 18 to decrypt (i.e., unlock) 

key specific to the ordered software package. When the SDC the transmitted software. This process occurs virtually 

receives the identification number of the target computer 18, simultaneously, thereby making it extremely difficult to 

it produces a new key (e,g,. an ASCII string) by encrypting identify the encryption key during the process, 

the software encryption key for the ordered software pack- ^ Consequently, only the target computer 18 can decrypt the 

age using the identification code of the target computer 18. software. 

The purpose of the new key (ie., the encrypted encryption Block 54 represents deterxaining whether there are other 

key) is to lock a particular computer (e.g., the computer with peripheral computers to receive the software. If there are no 

the identification code used to encrypt the encryption key) to peripheral computers* the target computer 18. as represented 

a particular software package. Instead of allowing any <5 in blocks 56 and 58, decompresses and installs the software 

computer having the encryption key to listen to the broad- onto the target computer 18. Specifically, the installer/ 

cast and obtain software illegally, only the target computer receiver program 24 invokes a routine to decrypt and 

18 whose identification code is used to encrypt the software decompress the temporary data file. This part of the instal- 

encryption key. accesses the transmitted software. As rep- lation copies files to the file destination with the appropriate 

resented in block 38, the SDC provides the new key to the ^ permissions and ownership on the target computer 18, 

target computer 18. The SDC provides this string to the Moreover, it kicks off any installation scripts required to 

target computer 18, for example, via fax or e-mail. complete the installation, configuration, or tuning specific 

Block 40 represents the user of the target computer 18 for the application installed, 

entering the encrypted encryption key (i.e.. new key) onto As depicted in blocks 60, 62 and 64. if there are other 

the target computer 18. The installer/receiver program on the 55 peripheral computers connected to the target computer 18, 

target computer 18 provides a user interface requesting the then the target computer 18 distributes the software to the 

user to insert the new key provided by the SDC. The target peripheral computers 2fta-n which in turn decompress and 

computer 18 then stores this key. install the software. As mentioned previously, each of the 

Block 42 represents the SDC providing to the user of the peripheral computers 20o-« has a receiver/installer software 

target computer 18 the time and channel/frequency that the 50 product to enable the decompression and installation of the 

ordered software will be broadcast Software products arc software. 

broadcast from the SDC. for example, during scheduled Referring to FIG. 3, a compressed file for a software 
timeslots. Preferably, popular products are broadcast at package is illustrated, having multiple packets. The corn- 
regular intervals, while relatively uncommon software prod- pressed file, generally designated 70. includes a header 72. 
ucts are periodically scheduled at the request of a user. 65 a compressed installable file packet 80, a checksum packet 
Block 44 represents transmission of the software from the 82, and an end-product broadcast packet 84. The header 72 
SDC at the time and channel/frequency mat was communi- includes a begin product broadcast packet 74, a product 
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identification packet 76 and a version packet 78. The begin 
product broadcast packet 74 signals the beginning of the 
transmission of a new software product The product iden- 
tification packet 76 identifies the software product that is 
transmitted. Version packet 78 identifies the particular ver- 
sion of the software product that is transmitted. For example, 
the version packet 78 notifies users when a software product 
upgrade is being transmitted. Other identifying information 



could alio be included as part of me header 72. For example, 
there could be a vendor header packet to enable a target 
computer to monitor for all software products that a par- 
ticular vendor offers. 

Packet 80 in the compressed file contains the compressed 
- iri stallable file." This includes the~compfessed software and" 
the configuration scripts. 

Packet 82 is the checksum packet. As described in more 
detail below with the respect to FIG. 4, the checksum packet 
82 enables the user at the target computer 18 to verify that 
the transmission is successful. The end product broadcast 
packet 84 notifies the target computer that the transmission 
is complete. 

Referring now to FIG. 4, a flow chart illustrates the steps 
for verifying that the software is successfully transmitted. 
Block 90 represents the transmission of the compressed 
software contained in the compressed installable file packet 
80. Block 92 represents transmission of the checksum 
packet 82. The checksum packet 82 is generated at the SDC 
when the software product is initially compressed and stored 
at the send computer. Based on the contents of the file 
received at the target computer 18, an algorithm contained in 
the receiver/installer program 24 generates a code or number 
based on the compressed file received at the target computer 
18. This number, which is generated using the same algo- 
rithm that generates the checksum when the software is 
compressed, is compared to the checksum packet 82. If the 
transmission has been successful, the two numbers are the 
same. At block 94 of FIG. 4, it is determined whether the 
transmission is successful by niatching the checksum packet 
82 with the code generated by the file copied to the target 
computer 18. If the codes are the same, the target computer 
18. as depicted in block 96, decrypts and decompresses the 
software and installs it on the target computer 18 or distrib- 
utes it to other peripheral computers for decompression and 
installation. If the checksum packet 82 does not match the 
file that was received from the host computer 10, then the 
target computer 18 deletes the file and waits for retransmis- 
sion of the software product 

Unlike the prior art which provides transmission through 
phone lines, the present invention is not limited in the 
number of customers who can receive a given transmission. 
Each customer who orders a particular software product 
receives the software from the same broadcast Therefore, 
theoretically a single broadcast transmits to an unlimited 
amount of users. 

The foregoing description of the preferred emrxxliment of 
the invention has been presented for the purposes of illus- 
tration and description. It is not intended to be exhaustive or 
to limit the invention to the precise form disclosed. Many 
modifications and variations are possible without departing 
from the scope of the invention as defined by the claims 
appended hereto. 

What is claimed is: 

1. A method of distributing software encrypted by a 
software encryption key to a target computer, comprising the 
steps of; 

receiving a number unique to the target computer; 



10 



encrypting the software encryption key using the number 

unique to the target computer unique number; 
transmitting the encrypted software encryption key to the 

target computer; 
communicating a timeslot and channel for broadcasting 

the encrypted software to the target computer; and 
broadcasting a message at the communicated timeslot and 

channel7me~nTes^sa^^mprising the encrypted~soft- — 

ware. 

2. The method of claim 1. wherein the broadcast timeslot 
is periodically scheduled according to a user request. 

3. The method of claim 1, wherein the transmission 
timeslot is-regularly-scheduled.- 



15 



20 



25 



30 



35 



40 



45 



50 



55 



60 



65 



4. The method of claim 1, wherein: 

the message further comprises a version packet notifying 
the target computer that an upgraded version of the 
software is being transmitted and enabling the target 
computer to download upgraded versions of software 
already installed on the target computer; and 

the method further comprises the step of decrypting the 
software using the target computer unique number 
when the version indicator indicates that an upgraded 
version of software already installed on the target 
computer is being broadcast 

5. The method of claim 1, wherein: 

the message further comprises a vendor header packet 
enabling the target computer to monitor broadcasts for 
software products offered by a vendor, 

6. The method of claim 1. further comprising the steps of: 
decrypting the software in the target computer using the 

target computer unique number; 
d^ermining if there are peripheral computers coupled to 
the target computer to receive the decrypted software; 
and 

distributing the decrypted software to the peripheral com- 
puters when there are peripheral computers coupled to 
the target computer to receive the decrypted software. 

7. The method of claim 1, wherein the message further 
comprises a checksum packet for determining if the target 
computer received the encrypted software without error, and 
the method further comprises the steps of: 

receiving the checksum packet in the target computer; 

processing the checksum packet in the target computer to 
determine if the encrypted software was received with- 
out error, 

providing the target computer information regarding a 
next broadcast of the software when the encrypted 
software was not received without error; and 

waiting for retransmission of the encrypted software. 

8. An apparatus for distributing software encrypted by a 
software encryption key to a target computer, comprising: 

means for receiving a number unique to the target com- 
puter; 

means for encrypting the software encryption key using 
the number unique to the target computer unique num- 
ber; 

means for transmitting the encrypted software encryption 
key to the target computer; 

means for communicating a timeslot and channel for 
broadcasting (he encrypted software to the target com- 
puter; and 

means for broadcasting a message at the communicated 
timeslot and channel, the message comprising the 
encrypted software. 
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9. The apparatus of claim 8. wherein the means for 
providing a times lot and channel for broadcasting the 
encrypted software to the target computer comprises means 
for periodically scheduling the timeslot according to a user 
request. 

10. The apparatus of claim 8. wherein the means for 
providing a timeslot and channel for broadcasting the 
encrypted software to the target computer comprises means 
for re gularly, scheduling me transmission time. 



8 

transmitting the encrypted software encryption key to the 

target computer, 
communicating a timeslot and channel for broadcasting 

the encrypted software to the target computer; and 
broadcasting a message at the communicated timeslot and 
channel, (he message comprising the encrypted soft- 
ware. 



11. Hie apparatus of claim 8, wherein: 
the message further comprises a version packet notifying 

the target computer that an upgraded version of the 
software is being transmitted and enabling the target 
computer to down load-Upgraded-versions-of-sofrware- 
already installed on the target computer; and 
the apparatus further comprises means for decrypting the 
software using the target computer unique number 
when the version indicator indicates that an upgraded 
version of software already installed on the target 
computer is being broadcast. 

12. The apparatus of claim 8,wherein the message further 
comprises a vendor header packet enabling the target com- 
puter to monitor broadcasts for software products offered by 
a vendor. 

13. The apparatus of claim 8, further comprising: 
means for decrypting the software in the target computer 

using the target computer unique number, 
means for determining if there are peripheral computers 
coupled to the target computer to receive the decrypted 
software; and 

means for distributing the decrypted software to the 
peripheral computers when there are peripheral com- 
puters coupled to the target computer to receive the 
decrypted software. 

14. The apparatus of claim 8. wherein the message further 
comprises a checksum packet for determining if the target 
computer received the encrypted software without error, and 
the apparatus further comprises: 

means for receiving the checksum packet in the target 
computer, 

means for processing the checksum packet in the target 
computer to detcxroinc if the encrypted software was 
received without error; 

providing the target computer information regarding a 
next broadcast of the software when the encrypted 
software was not received without error; and 

waiting for retransmission of the encrypted software. 

15. A program storage device, readable by computer, 
tangibly embodying one or more programs of instructions 
executable by the computer to perform method steps of 
distributing software encrypted by a software encryption key 
to a target computer, the method steps comprising the steps 
of: 

receiving a number unique to the target computer; 
encrypting the software encryption key using the number 
unique to the target computer unique number; 
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~ 16! Tbe^program storage device of claim 15, wherein the 
broadcast timeslot is periodically scheduled according to a 
user request 

17. The program storage device of claim 15. wherein the 
transmission timeslot is regularly scheduled. 



18. The program storage device of claim 15. wherein: 
the message further comprises a version packet notifying 

the target computer that an upgraded version of the 
software is being transmitted and enabling the target 
computer to download upgraded versions of software 
already installed on the target computer; and 
the method steps further comprises the method step of 
decrypting the software using the target computer 
unique number when the version indicator indicates 
that an upgraded version of software already installed 
on the target computer is being broadcast 

19. The program storage device of claim 15. wherein: 
the message further comprises a vendor header packet 

enabling the target computer to monitor broadcasts for 
software products offered by a vendor. 

20. The program storage device of claim 15. wherein the 
method steps further comprise the method steps of: 

decrypting the software in the target computer using the 

target computer unique number; 
deterrnining if mere are peripheral computers coupled to 

the target computer to receive the decrypted software; 

and 

distributing the decrypted software to the peripheral com- 
puters when there are peripheral computers coupled to 
the target computer to receive the decrypted software. 

21. The program storage device of claim 15, wherein the 
message further comprises a checksum packet for determin- 
ing if the target computer received the encrypted software 
without error, and the method steps further comprise the 
method steps of: 

receiving the checksum packet in the target computer; 

processing the checksum packet in the target computer to 
determine if the encrypted software was received with- 
out error; 

providing the target computer information regarding a 
next broadcast of the software when the encrypted 
software was not received without error* and 

waiting for retransmission of the encrypted software. 



02/06/2004, EAST 



Version: 1.4.1 



